Bogdan Ksiezopolski

QoP-ML: Quality of protection modelling language for cryptographic protocols

Cryptographic protocols can be realized on different levels of security. One can choose factors which have different impact on the overall system security. Traditionally, protocols have been configured with the strongest possible security mechanisms. Unfortunately, the strongest protection (especially in low resource devices) can lead to the denial of services. In such a situation the quality of protection models which scales the protection level depending on the specific requirements is used. In the article, we proposed the quality of protection modelling language (QoP-ML) which provides the modelling language for abstracting the cryptographic protocols. All of the security operations/mechanisms which are executed while running cryptographic protocols can be modelled with the QoP-ML. In the QoP-ML, the defined operations can be described by the security metrics which allow performing quality of protection evaluation. In the paper, the syntax and semantics of the Quality of Protection modelling language will be presented. Finally, the Needham-Schroeder public key protocol will be modelled by QoP-ML and their QoP evaluation will be discussed.

Adaptive Approach to Network Security

The security of information exchange between the parts in the teleinformatic infrastructure is one of the crucial topics. During the protecting the infrastructure of the organization, one can use a lot of mechanisms which are often based on the cryptographic primitives. Traditionally, the security officers model the protection system to be as strong as it is possible. However, the level of protection of information is often much higher than it is necessary to meet potential threats. Since the level of security strongly affects the performance of the whole system, the excessive protection decreases its reliability and availability and, as a result, its global security. The appropriate security level can be estimated by means of different quality of protection models. In this paper we are going to present the approach how to introduce the adaptability to the network. We are basing on the adaptable security model for dynamic environment which calculates the protection level by means of the risk management processes. The analysis is assisted by the security management tool (SPOT) which visualizes and optimizes the adaptable model mentioned above. Finally, we present the case study introducing the network adaptability of the cryptographic protocol.

CMAC, CCM and GCM/GMAC: Advanced modes of operation of symmetric block ciphers in wireless sensor networks

Symmetric block ciphers are usually used in WSN for security services. This paper puts forward the idea of using advanced modes of operation of symmetric block ciphers to achieve confidentiality and authentication in one cryptographic operation. The modes of operation approved by NIST that is CMAC, CCM, GCM/GMAC are applied here. The benchmarks of these approaches in the terms of efficiency of nodes in WSN are presented.

Secure and Time-Aware Communication of Wireless Sensors Monitoring Overhead Transmission Lines

Existing transmission power grids suffer from high maintenance costs and scalability issues along with a lack of effective and secure system monitoring. To address these problems, we propose to use Wireless Sensor Networks (WSNs)as a technology to achieve energy efficient, reliable, and low-cost remote monitoring of transmission grids. With WSNs, smart grid enables both utilities and customers to monitor, predict and manage energy usage effectively and react to possible power grid disturbances in a timely manner. However, the increased application of WSNs also introduces new security challenges, especially related to privacy, connectivity, and security management, repeatedly causing unpredicted expenditures. Monitoring the status of the power system, a large amount of sensors generates massive amount of sensitive data. In order to build an effective Wireless Sensor Networks (WSNs) for a smart grid, we focus on designing a methodology of efficient and secure delivery of the data measured on transmission lines. We perform a set of simulations, in which we examine different routing algorithms, security mechanisms and WSN deployments in order to select the parameters that will not affect the delivery time but fulfill their role and ensure security at the same time. Furthermore, we analyze the optimal placement of direct wireless links, aiming at minimizing time delays, balancing network performance and decreasing deployment costs.

Security trade-off and energy efficiency analysis in wireless sensor networks

With a rapid progress of numerous applications in wireless sensor networks (WSNs), performance evaluation and analysis techniques face new challenges in energy efficiency area in WSN applications. One of the key issues is to perform the security trade-off and energy efficiency analysis. In this paper, the energy analysis module for the QoP-ML (quality of protection modeling language) is proposed by means of which one can analyze the influence of various security levels on the energy consumption of a protocol. Moreover, an advanced communication module is proposed as an extension of the QoP-ML language, which enhances the abilities to analyze complex wireless sensor networks. The case study of WSN deployed on the Jindo Bridge in South Korea was carried out and the lifetime of protocols with various security levels was simulated. The results show that the introduction of various security levels can entail large differences in performance and energy consumption, and hence result in different lifetime. Therefore, the designers of WSN protocols should search for balance between the required lifetime and security level. The introduced QoP-ML extension, along with the AQoPA (automated quality of protection analysis) tool, has been developed to meet the above requirements.

On Authentication Method Impact upon Data Sampling Delay in Wireless Sensor Networks

Traffic in Wireless Sensor Network (WSN) consists of short packets sent by nodes that are usually identical in respect of software applied and their hardware architecture. In such a communication environment it is important to guarantee authentication of the nodes. The most popular way to achieve this basic security service is using Message Authentication Code (MAC). The sensor node’s harbware is very limited so the cryptography used must be very efficient. In the article we focus on the influence of the authentication method’s performance on delays in data sampling by the sensor nodes. We present efficiency results for MACs generation in the node. We compare the results for approved, standardized and commonly-used schemes: CMAC, GMAC and HMAC based on MD5 and SHA-1. Additionally, we compare the obtained results with the performance of PKC-based authentication method using the ECDSA.

On the efficiency modelling of cryptographic protocols by means of the quality of protection modelling language (QoP-ML)

The problem of efficiency in the IT systems is now widely discussed. One of the factors affecting the performance of IT systems is implementation and maintaining a high level of security. In many cases the guaranteed security level is too high in relation to the real threats. The implementation and maintenance of this protection level is expensive in terms of both productivity and financial costs. The paper presents the analysis of TLS Handshake protocol in terms of quality of protection performed by the Quality of Protection Modelling Language (QoP-ML). The analysis concerns efficiency.

Multilevel Modeling of Distributed Denial of Service Attacks in Wireless Sensor Networks

The growing popularity of wireless sensor networks increases the risk of security attacks. One of the most common and dangerous types of attack that takes place these days in any electronic society is a distributed denial of service attack. Due to the resource constraint nature of mobile sensors, DDoS attacks have become a major threat to its stability. In this paper, we established a model of a structural health monitoring network, being disturbed by one of the most common types of DDoS attacks, the flooding attack. Through a set of simulations, we explore the scope of flood-based DDoS attack problem, assessing the performance and the lifetime of the network under the attack condition. To conduct our research, we utilized the Quality of Protection Modeling Language. With the proposed approach, it was possible to examine numerous network configurations, parameters, attack options, and scenarios. The results of the carefully performed multilevel analysis allowed us to identify a new kind of DDoS attack, the delayed distributed denial of service, by the authors, referred to as DDDoS attack. Multilevel approach to DDoS attack analysis confirmed that, examining endangered environments, it is significant to take into account many characteristics at once, just to not overlook any important aspect.

Multihop Node Authentication Mechanisms for Wireless Sensor Networks

Designing secure authentication mechanisms in wireless sensor networks in order to associate a node to a secure network is not an easy task due to the limitations of this type of networks. In this paper, we propose different multihop node authentication protocols for wireless sensor networks. For each protocol, we provide a formal proof using Scyther to verify the security of our proposals. We also provide implementation results in terms of execution time consumption obtained by real measurements on TelosB motes. These protocols offer different levels of quality of protection depending on the design of the protocol itself. Finally, we evaluate the overhead of protection of each solution, using AQoPA tool, by varying the security parameters and studying the effect on execution time overhead of each protocol for several network sizes.

On the modelling of Kerberos protocol in the Quality of Protection Modelling Language (QoP-ML)

The security modelling of IT systems is a very complicated task. One of the issues which must be analysed is the performance of IT systems. In many cases the guaranteed security level is too high in relation to the real threats. The overestimation of security measures can decrease system performance. The paper presents the analysis of Kerberos cryptographic protocol in terms of quality of protection performed by Quality of Protection Modelling Language (QoP-ML). The analysis concerns the availability attribute. In the article the Kerberos protocol was modelled and the QoP analysis of two selected versions was performed.